State notification register
Louisiana data breach notification law: in the most expedient time possible and without unreasonable delay.
Louisiana's breach-notification obligations are set by La. R.S. 51:3071 et seq. (Database Security Breach Notification Law). This page summarises the deadline to notify affected residents, the attorney general notification threshold, whether a private right of action exists, and the penalties for late or missing notification. Every provision is cited to its source statute and was verified in June 2026.
Individual deadline
60 days
From discovery / determination
AG notification
Required
All breaches affecting Louisiana residents
Private action
Limited
Civil action for actual damages from failure to give timely notice, not for the breach itself
Statute
LA
La. R.S. 51:3071 et seq.
Section LA.1
What the statute requires
Under La. R.S. 51:3071 et seq., the Database Security Breach Notification Law, a business that owns or licenses computerized personal information of Louisiana residents must notify affected individuals in the most expedient time possible and without unreasonable delay, no later than 60 days from discovery.
Attorney general or state-agency notification is all breaches affecting louisiana residents. Where required, the timeline is: within 10 days of distributing notices to residents.
Section LA.2
What triggers notification
Like most US state statutes, notification is triggered by the unauthorized acquisition of unencrypted, unredacted computerized personal information that compromises its security, confidentiality, or integrity. Two concepts recur across the states and apply here.
Encryption safe harbor
Personal information that was encrypted, and where the encryption key was not also acquired, generally does not trigger notification. A stolen device with full-disk encryption is typically a non-event; an unencrypted record, or an encrypted record where the key was exposed alongside it, is a reportable breach.
Who must be notified
- [1] Affected Louisiana residents: 60 days
- [2] Attorney general / state agency: all breaches affecting louisiana residents
- [3] Consumer reporting agencies where the breach is large-scale
Section LA.3
Penalties and enforcement
Unfair trade practice; up to $5,000 per violation per day for AG-notification failures.
Private right of action: Limited. Civil action for actual damages from failure to give timely notice, not for the breach itself.
Primary source:Louisiana statute La. R.S. 51:3071 et seq. (Database Security Breach Notification Law); verified June 2026 against state statutory summaries and the underlying statute text.
Section LA.4
How this compares to the strictest states
The strictest US deadlines are 30 days (California, Florida, Washington, Colorado, Maine, New York, New Jersey). The majority of states use a qualitative "without unreasonable delay" standard with no fixed day cap. Here is where Louisiana sits.
Louisiana imposes a fixed 60-day deadline. The strictest states cut this to 30 days, so Louisiana sits 30 days behind the tightest regimes.
Cross-references
Index / All 50 states + DC
→The full register: deadline and AG threshold for every state.
Schedule 09 / Notification laws
→Global frameworks and the cost of notification.
01 / Breach cost calculator
→Estimate your Louisiana breach exposure, including notification cost.
Regulation / GDPR
→The 72-hour clock and 4%-of-revenue fine framework.
Cost / Notification
→Why notification is roughly 6% of total breach cost.
Schedule F / Reference Q&A
Frequently Asked Questions
Primary source:Louisiana data breach notification statute (La. R.S. 51:3071 et seq.). Provisions verified June 2026 against state statutory summaries (Recording Law US data-privacy series, 2026 edition), the IAPP US State Data Breach Notification Chart, Foley & Lardner's chart, and the underlying statute text.